Bank of Montreal ‘Annual Account Maintenance Procedure’ Phishing Scam

Outline:
Email purporting to be from the Bank of Montreal (BMO) claims that the bank is performing its annual account maintenance procedure and you must therefore click a link to login and complete the requested actions.

Brief Analysis:
The email is not from BMO and the claim that you must click a link to complete account maintenance is untrue. The email is a phishing scam designed to steal your BMO account login details and other personal and financial information.

Example:Subject: Important NoticeDear Customer,

BMO is performing the annual account maintenance procedure. Please login to your account and complete the requested actions.Once logged in you will be guided to the rest of the process.Log into Online Banking now to complete the maintenance.

Thank you,

Bank of Montreal

This is an automatically generated email, please do not reply to this message.

Detailed Analysis:
According to this email, which purports to be from the Bank of Montreal (BMO), you are required to complete the bank’s annual account maintenance procedure. The email asks you to click a link to login and claims that, once you have logged in, you will be guided through the rest of the maintenance procedure.

However, the email is not from BMO and the link does not go to an account maintenance procedure as claimed. In fact, the email is a phishing scam designed to steal your personal and financial information.

If you click the link as requested, you will be taken to a fraudulent website designed to closely mirror the genuine BMO login page. Once you have entered your card number and password on the fake site, you will be taken to a second fake page that features an ‘account update’ form. The bogus form asks you to supply your name and contact details, ID information, and credit card numbers. After supplying this information, you may then be redirected to the genuine BMO website.

Meanwhile, the criminals who sent out the fake email can now collect your BMO login details and the other information you supplied and, thus armed, hijack your bank account and commit credit card fraud and identity theft.

Banks and other financial institutions all around the world are regularly targeted via such phishing scams. Be wary of any email that purports to be from your bank and claims that you must click a link or open an attached file to perform account maintenance, update details, or rectify a supposed account problem. It is always safest to access your online accounts by entering the address into your browser’s address bar rather than by clicking a link in an email.